473,326 Members | 2,081 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Local service accounts and network shares

ok, so I kow that the local system accoutn can't get to a network share, and
if you want to do that and not lose any of your other priveliges you need to
run under a user name and password that is configured at installation.

So now for the problem.

How do I get around this ?

I really would liek to be able to reduce the amount of steps that the user
has to take to deploy my aplication, and I really don't want to send the user
in to modify local account policies. Also it creates a lot of hell for tech
support each time a user changes their password and the services all decide
to die due to privelige issues.

How do you clean this issue up ?

any hints/commnets/sugestions will be greatly appreciated.
Nov 16 '05 #1
2 4553
Hi Bas,

You're talking about network resource security vs. user friendly, and
the two are often disparate (at least in a well secured network
environment). The best way I've found to work in a disconnected
environment is to test the network resource, trap any errors, and prompt
the user for a username/password. I then store the information they
provide in an encrypted resource file in their local account folder
(C:\Documents and Settings\[UserName]\Application Data\[MyApp]).

The stored information in the encrypted file can be used so that the
user only gets prompted once when a particular resource account login
changes. However, you must be considerate of security policies and
issues at any given location if using this type of approach.

Hope this helps.

- Glen

Bas Hamer wrote:
ok, so I kow that the local system accoutn can't get to a network share, and
if you want to do that and not lose any of your other priveliges you need to
run under a user name and password that is configured at installation.

So now for the problem.

How do I get around this ?

I really would liek to be able to reduce the amount of steps that the user
has to take to deploy my aplication, and I really don't want to send the user
in to modify local account policies. Also it creates a lot of hell for tech
support each time a user changes their password and the services all decide
to die due to privelige issues.

How do you clean this issue up ?

any hints/commnets/sugestions will be greatly appreciated.

Nov 16 '05 #2
The "LocalSystem" account uses the machine account to access network
resources, if you run in a AD domain realm (were all machine accounts are
considered normal user accounts) you simply have to grant this account the
required access rights to the resource.
If this is not possible, you could call NetUseAdd through PInvoke in order
to establish a use record (specifying the user credentials with appropriate
privileges) .

Willy.

"Bas Hamer" <Ba******@discussions.microsoft.com> wrote in message
news:E2**********************************@microsof t.com...
ok, so I kow that the local system accoutn can't get to a network share,
and
if you want to do that and not lose any of your other priveliges you need
to
run under a user name and password that is configured at installation.

So now for the problem.

How do I get around this ?

I really would liek to be able to reduce the amount of steps that the user
has to take to deploy my aplication, and I really don't want to send the
user
in to modify local account policies. Also it creates a lot of hell for
tech
support each time a user changes their password and the services all
decide
to die due to privelige issues.

How do you clean this issue up ?

any hints/commnets/sugestions will be greatly appreciated.

Nov 16 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Kona | last post by:
Hello, My server is part of a W2K domain. What do you advice me as account to run my SQL*Server, service started with a domain user account or as local system ? I need advices from a security...
3
by: AHartman | last post by:
What are gotchas for starting Sql & the agent with a Local system account versus a system Domain account.
6
by: Rob | last post by:
Hi, I am working on a project that requires a Windows Service which performs the following file transfer functions. 1. It monitors a specific local directory on a Windows 2003 Server. 2. When...
3
by: Bonj | last post by:
I need to write a windows service, and the only way it can access a shared drive on a file server on the network is if the installer is put in "User" mode - "LocalService", "LocalSystem" and...
5
by: pberna | last post by:
Dear all, I built a Web Form application to start and stop a Windows Service remotely. I successful tested the application on Windows 2000 server + IIS. I must include the ASPNET user to the...
3
by: jimmyfishbean | last post by:
Hi, My client has the following network structure: 2 Windows 2003 servers : Server 1 - Web server running IIS, ftp import and export folder, ASP.NET SOAP web service and asp code on here....
2
by: ABCL | last post by:
Hi All, Can any one tell me that what is the difference between Network Service, Local Service and Local System ACcount for window services ABCL
4
by: Daniel | last post by:
Can someone please describe why impersonation requires the impersonator to be local admin?
5
by: lmttag | last post by:
ASP.NET 2.0 (C#) application Intranet application (not on the Internet) Using Windows authentication and impersonation Windows Server 2003 (IIS6) Server is a member server on a domain Logged...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.